How We Survived Our First PCI/HIPAA Compliant Check with Kubernetes - Travis Jeppson, Nav

Abstract

At a high level, Travis will go over what it took for Nav to pass their first compliance check with their application in Kubernetes. At a lower level, he’ll discuss what PCI/HIPAA compliance is like in a world of containers: how to translate, and prioritize, the requirements from a traditional model using virtual machines to a containerized model; which tools are already provided with Kubernetes, such as taints and tolerations; which tools are plug-ins, such as network policies; and what is missing and requires an external service. He’ll briefly cover Nav’s build pipelines and why adding security checks into the Docker builds is important to maintaining a compliant environment. Finally, he’ll discuss how, moving forward, you can reach a state of constant compliance; there is no reason to struggle to “become” compliant on a quarterly, or yearly, cadence.

Sched URL

Video